CVE-2013-1287 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2013-1287

Modified

More Info Official Page

Source-secure@microsoft.com

Published At-13 Mar, 2013 | 00:55

Updated At-29 Apr, 2026 | 01:13

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>windows_xp>>*

cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Microsoft Corporation

>>windows_xp>>-

cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Microsoft Corporation

>>windows_server_2003>>*

cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>*

cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>-

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.us-cert.gov/ncas/alerts/TA13-071A	secure@microsoft.com	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027	secure@microsoft.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498	secure@microsoft.com	N/A
http://www.us-cert.gov/ncas/alerts/TA13-071A	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: secure@microsoft.com

Resource:

US Government Resource

Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027

Source: secure@microsoft.com

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498

Source: secure@microsoft.com

Resource: N/A

Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

US Government Resource

Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A